A security flaw in Meta’s AI-powered support system has exposed a troubling reality about the growing role of artificial intelligence in customer support.

Hackers reportedly hijacked Instagram accounts by manipulating Meta’s AI support chatbot into granting them access to accounts they did not own. The issue affected both regular users and several high-profile accounts before Meta moved to patch the vulnerability.

How the Attack Worked

According to multiple reports, attackers discovered they could interact with Meta’s AI support assistant and convince it to change the email address associated with a target Instagram account.

Once the chatbot linked the attacker’s email address, the AI system would send a verification code to that new email. After entering the code, attackers could reset the account password and take complete control of the profile.

What makes this incident particularly alarming is that hackers did not need access to the victim’s email account, phone number, or device. The entire takeover process was reportedly carried out through conversations with Meta’s own AI-powered support tool.

Security researchers described the attack as less of a traditional hack and more of a failure in how the AI support system handled account recovery requests.

High-Profile Instagram Accounts Were Targeted

The exploit was allegedly used against several notable Instagram accounts, including:

• The Obama White House archive account
• Major brand accounts
• Government-related profiles
• Popular Instagram usernames with significant market value

Some compromised accounts were reportedly used to post unauthorized content before access was restored.

Cybersecurity researchers also reported that highly desirable short usernames were among the primary targets. These usernames often have substantial resale value in underground marketplaces.

Why the Vulnerability Was So Serious

Account recovery systems are supposed to be one of the most secure parts of any online platform.

In this case, attackers appear to have bypassed normal ownership verification by convincing the AI assistant that they were legitimate account holders.

The incident highlights a growing challenge for technology companies: balancing AI-powered automation with security.

While AI support tools can reduce wait times and improve customer service efficiency, they can also create new attack surfaces if sensitive actions are not protected by strict verification checks.

Meta Responds

Meta acknowledged the issue and said the vulnerability has been fixed.

The company stated that it has secured affected accounts and resolved the flaw that allowed unauthorized password reset requests through the AI support assistant.

However, Meta has not publicly disclosed exactly how many accounts were impacted before the patch was deployed.

What Instagram Users Should Do

Even though Meta has addressed the vulnerability, users should take additional steps to protect their accounts:

Enable Two-Factor Authentication (2FA)

Adding an extra layer of security makes it significantly harder for attackers to gain access, even if login credentials are compromised.

Review Account Security Settings

Check connected devices, login activity, recovery email addresses, and phone numbers to ensure nothing has been changed without your knowledge.

Use a Strong, Unique Password

Avoid reusing passwords across multiple websites and consider using a password manager.

Monitor Account Activity

Watch for unexpected password reset emails, login alerts, or changes to your profile information.

The Bigger Picture

This incident serves as a reminder that AI systems are only as secure as the safeguards built around them.

The problem was not that hackers broke into Meta’s infrastructure. Instead, they reportedly exploited weaknesses in how the AI assistant handled sensitive account recovery requests.

As more companies replace traditional support channels with AI-powered tools, security experts are warning that convenience should never come at the expense of proper identity verification.

The Instagram account takeover incident may become one of the first major examples of attackers successfully exploiting an AI customer support system at scale, raising important questions about how much authority AI should have over critical account security functions.

For users, the lesson is simple: enable two-factor authentication, review your security settings regularly, and never assume that automated systems are immune to human-style manipulation.

Read Next: How to Spot Fake Apps, Websites, and Scams Before It’s Too Late

• Share on Facebook
• Share on LinkedIn
• Share on Reddit
• Share on Threads
• Share on WhatsApp
• Share on Telegram
• Share on X